php suddenly doesn't work

psyqosis · January 3, 2008

Hi. My web host just updated their servers, and since then, part of my code allowing access control into a database back-end doesn't work. I've talked with the host and they claim nothing should have changed, though I haven't changed anything either.

The database connect string is fine & the database has the correct MySQL user account setup in my admin panel. Below is the code in question (simple login screen shown; if access is passed, more code displays the actual page). The issue is that whether correct or incorrect credentials are entered & submitted, the page simply reloads itself.

<?php session_start(); ?>

$database = "statz07_default" or die(mysql_error());

$db = mysql_connect("localhost", "statz07_statz07", "Q9e6LNY") or die(mysql_error());

mysql_select_db($database, $db) or die(mysql_error());

<head>

</head>

<body>

<?php

if (!isset($name)) { ?>

<tr>

<tr>

</tr>

<tr>

<h3>Please Sign In</h3>

<tr><td align=right nowrap>Password &nbsp</td><td><input type="password" name="pswd"></td></tr>

</table>

</center>

</form>

</td>

</tr>

</table>

</td>

</tr>

</table>

<?php

exit;

}

session_register("name");

session_register("pswd");

session_register("uid");

$sql="SELECT * FROM users WHERE un='$name' AND pw='$pswd';";

$result = mysql_query($sql, $db);

if (mysql_num_rows($result)>0) {

$uid = mysql_result($result, 0, 'id');

}

if (mysql_num_rows($result) == 0) {

session_unregister("name");

session_unregister("pswd");

session_unregister("uid");

?>

<tr>

<tr>

</tr>

<tr>

<h5 class="error">Your login details have not been recognised.</h5>

<h5>Please try again by <a href="<?php echo $PHP_SELF; ?>">clicking here</a>.</h5>

</td>

</tr>

</table>

</td>

</tr>

</table>

<?php

exit;

}

?>

revraz · January 3, 2008

So you are storing the PWs in plain text in the DB?

And what did they actually upgrade, PHP or MYSQL?

wildteen88 · January 3, 2008

Looks like your code relies upon register globals and maybe the reason why your site does work. You should try to update your code.

revraz · January 3, 2008

Also, there is no way this code worked as is. This is your first line:

<?php session_start(); ?>

$database = "statz07_default" or die(mysql_error());

$db = mysql_connect("localhost", "statz07_statz07", "Q9e6LNY") or die(mysql_error());

mysql_select_db($database, $db) or die(mysql_error());

So you close PHP but then assign variables right after. Move the ?> to after the mysql_select_db statement.

PFMaBiSmAd · January 3, 2008

The or die(mysql_error()); that is part of the $database = "statz07_default" line of code is bogus as well.

psyqosis · January 3, 2008

revraz- the php close was a copy/paste error into this forum. the code worked good.

yes storing pws in plain text

updated php and mysql

wildteen- what do i do to "update" my code regarding register globals?

thanks

Daukan · January 3, 2008

You should update your code so it does not rely on register globals. But as a temporary fix make a .htaccess file or add this to it if it already exits. This will only work on nix machines btw

php_flag register_globals 1

revraz · January 3, 2008

Here

<tr><td align=right nowrap>Name &nbsp</td><td><input type="text" name="name"></td></tr>

session_register("name");

needs to change to



<tr><td align=right nowrap>Name &nbsp</td><td><input type="text" name="name"></td></tr>

$_SESSION['name']=$_POST['name'];

All of those have to be redone.

PFMaBiSmAd · January 3, 2008

There is also at least one $PHP_SELF that needs to be changed to $_SERVER['PHP_SELF']

Checking your web server log file or turning on full php error reporting will help in finding the places in the code that need to be changed.

The .htaccess temporary work around will only work on Apache web servers where php is running as an apache module. Where php is running as a CGI wrapper, you should have the ability to use a local php.ini file.

psyqosis · January 3, 2008

Okay, I changed the syntax for variable registration to:

$_SESSION['name']=$_POST['name'];

$_SESSION['pswd']=$_POST['pswd'];

$_SESSION['uid']=$_POST['uid'];

...and all the $PHP_SELF references to $_SERVER['PHP_SELF'], but there's still no change.

the page is at www.statzbarandgrill.com/admin if anyone wants to see what happens. no matter if the credentials are correct or not, the page still simply resets.

awpti · January 3, 2008

Sounds like you need to chop it up and start bughunting bit by bit. Verify values from the submitted form.

Verify they are evaluating as expected

Create and verify the session data exists and evaluates.

So on and so forth.

revraz · January 3, 2008

Where is your Submit code and why do you have a 2nd form below (with no closing tag)?

PFMaBiSmAd · January 3, 2008

Every variable that gets set from the form, $name as an example, needs to be set from the corresponding $_POST['name'].

Turning on full php error reporting will help you find this and any other variables that are not define and where they are.

Sign In

php suddenly doesn't work

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information